Building on the instructions on HostMyCode, this guide gives configurations for Syncthing with HTTPS using Nginx as a reverse proxy on Ubuntu 24.04.
The nginx and Syncthing configurations from HostMyCode did not suffice for my use case. If you are on the same track, maybe the following changes help you as well:

## nginx config

```nginx
# HTTP (Port 80) – redirects to HTTPS
server {
    listen 80;
    server_name your.domain.com;
    return 301 https://$host$request_uri; # enforces HTTPS
}

# HTTPS (Port 443): terminates TLS and proxies to the Syncthing GUI on loopback
server {
    listen 443 ssl;
    server_name your.domain.com;

    ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8384;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_buffering off;
    }
}
```

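## syncthing config

```xml
<!-- tls="false": nginx terminates TLS and proxies to plain HTTP on loopback -->
<gui enabled="true" tls="false" sendBasicAuthPrompt="false">
    <address>127.0.0.1:8384</address>
    <externalUrl>http://your.domain.com</externalUrl>
    <!-- nginx forwards the public Host header, so the localhost Host check is skipped -->
    <insecureSkipHostcheck>true</insecureSkipHostcheck>
    <user>YOUR_USER_NAME</user>
    <password>YOUR_PASSWORD</password>
    <metricsWithoutAuth>false</metricsWithoutAuth>
    ...
</gui>
```
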
Importantly, TLS must be turned off in Syncthing (`tls="false"`) since nginx handles the certificates, and `externalUrl` must be given. Do not run Syncthing as root.

Check your configurations with `nginx -t` and `systemctl status ...`.

Ensure your firewall allows traffic on ports 80 (HTTP) and 443 (HTTPS), and do not forget to restart or reload nginx and Syncthing with `systemctl`.
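
The Syncthing settings this guide relies on can be checked mechanically before reloading. The following Python check is an added example, not part of the original guide or of Syncthing itself; it lints the `<gui>` section of a `config.xml` against the points above. The embedded sample config and the function names `is_loopback` and `check_gui` are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mirroring the <gui> section above (not a real config).
SAMPLE_CONFIG = """<configuration>
  <gui enabled="true" tls="false" sendBasicAuthPrompt="false">
    <address>127.0.0.1:8384</address>
    <externalUrl>http://your.domain.com</externalUrl>
    <insecureSkipHostcheck>true</insecureSkipHostcheck>
    <user>YOUR_USER_NAME</user>
    <password>YOUR_PASSWORD</password>
    <metricsWithoutAuth>false</metricsWithoutAuth>
  </gui>
</configuration>"""

def is_loopback(address):
    """True if a host:port listen address binds to a loopback interface only."""
    host = address.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # empty host, hostname or anything unparseable: flag for review

def check_gui(config_xml):
    """Return findings for the <gui> section; an empty list means it matches the guide."""
    gui = ET.fromstring(config_xml).find("gui")
    if gui is None:
        return ["no <gui> section found"]
    def text(tag):
        return (gui.findtext(tag) or "").strip()
    findings = []
    if gui.get("tls", "false") != "false":
        findings.append("tls is on, but nginx proxies to plain http://127.0.0.1:8384")
    if not is_loopback(text("address")):
        findings.append("GUI address is not loopback: plaintext GUI reachable without nginx")
    if not text("externalUrl"):
        findings.append("externalUrl is missing")
    if not text("user") or not text("password"):
        findings.append("GUI user/password not set")
    if text("metricsWithoutAuth") == "true":
        findings.append("metrics endpoint is served without authentication")
    return findings

if __name__ == "__main__":
    for finding in check_gui(SAMPLE_CONFIG) or ["gui section matches the guide"]:
        print(finding)
```

Because `insecureSkipHostcheck` is `true` and TLS is off, the loopback check is the one that matters most: a wildcard listen address would serve the GUI in plaintext to anyone who can reach port 8384 directly.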